Since I originally posted on June 25, 2013, and Aussie Addict noknojon has generously tried to help me resolve my issues, and since we are now stuck without a resolution, it was suggested that I move my topic here. This forum and the people who fix things are able to use bigger and better scans to fix items I'm told. The link below will hopefully describe my situation without having to repeat everything:

At this point, what is still unresolved is that many of my files (with different extensions) are still hidden/moved to another folder. When I try to locate my files in the search area, they show as shortcuts. When I double click on some of these shortcuts, the file opens up and it is actually usable (jpg, spreadsheets). Where the missing files were initially in My Documents, it seems they have been moved to Owners Documents. The original file doesn't show up in the search area under Owners Docs even though I have changed view to show all files, extensions, and hidden system files.

Many of the shortcuts on my desktop were missing (I've added most back); the favorites, history, favorites bar, and AVG secure toolbar are missing from my browser; startup menu items are mostly missing/hidden. Many apps. that I open act like they've never been configured before (i.e. windows media play). I'm sure I can do some kind of manual switcheroo to get most of these things back, but I'm afraid I'll miss something important, or worse yet that the virus is still buried deep inside my computer. I've probably logged 30 hours of scanning at this point, and I'll do whatever I can to help you help me get this poor old computer healthy again. Please let me know what you need next, and I will be happy to provide it.

Thanks so much for your attention to my issue. I know you are probably slammed every day. I'll continue to research your site and my computer for any other information I can find. I look forward to your response.

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

A small box will open, with an explanation about the tool. No input is needed, the scan is running.

Notepad will open with the results.

Follow the instructions that pop up for posting the results.

Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Since the posting instructions told me not to change anything until someone from this forum worked with me, I have not done anything more to try and resolve my issue on my own other than read other forum info. to see if someone else had the same issue. I am sending through the same information as I sent before which already described my issue in detail. The link listed below is page 3 of 3. Pages 1 and 2 list my original issue and the steps another member walked me through until we got stuck and he couldn't help me with deeper scans like Combofix, etc. in that forum. So I've been patiently awaiting help from someone in this forum. I do not have the original Windows CD, but I made a recovery disk and there is something on my partition for recovery. Since I haven't done much on my computer since my last post, I did not include another DDS file (I'm writing this from my laptop).

Here is a copy of my original post to this forum:

Since I originally posted on June 25, 2013, and Aussie Addict noknojon has generously tried to help me resolve my issues, and since we are now stuck without a resolution, it was suggested that I move my topic here. This forum and the people who fix things are able to use bigger and better scans to fix items I'm told. The link below will hopefully describe my situation without having to repeat everything:

At this point, what is still unresolved is that many of my files (with different extensions) are still hidden/moved to another folder. When I try to locate my files in the search area, they show as shortcuts. When I double click on some of these shortcuts, the file opens up and it is actually usable (jpg, spreadsheets). Where the missing files were initially in My Documents, it seems they have been moved to Owners Documents. The original file doesn't show up in the search area under Owners Docs even though I have changed view to show all files, extensions, and hidden system files.

Many of the shortcuts on my desktop were missing (I've added most back); the favorites, history, favorites bar, and AVG secure toolbar are missing from my browser; startup menu items are mostly missing/hidden. Many apps. that I open act like they've never been configured before (i.e. windows media play). I'm sure I can do some kind of manual switcheroo to get most of these things back, but I'm afraid I'll miss something important, or worse yet that the virus is still buried deep inside my computer. I've probably logged 30 hours of scanning at this point, and I'll do whatever I can to help you help me get this poor old computer healthy again. Please let me know what you need next, and I will be happy to provide it.

Thanks so much for your attention to my issue. I know you are probably slammed every day. I'll continue to research your site and my computer for any other information I can find. I look forward to your response.

I'm so happy to hear from you! I thought maybe I got lost in the shuffle :-) Here is the log you requested. I look forward to resolving this issue. I really appreciate you working with me and walking me through the needed steps. Thanks so much!

I'm not sure what the combofix scan shows you as far as infection goes, but after I ran the scan, I looked around windows explorer for pics, music, docs, etc., and lots of files still appear to be missing as well as my IE toolbars (AVG safe search), history, and favorites etc.

However, when I look for certain files that appear to be missing by using the "search" feature, I can see some of the pics or music, and when I check the properties, they appear to be in the correct place. However, I can't see or get to them through the usual method. It's as though the attributes have been changed or hidden in some way. Very frustrating, but can work around it a bit by finding things through search. Sometimes, I can open it from there, and sometimes I can't. I have no idea how many files were affected by this issue.

This was the 3rd time I've tried this application since I started the resolution process on June 25. Files are still not showing up under my documents (even though search says they are there), but when I look under documents and settings\default user\owner's documents, I can see the original missing files under sub folders in that pathway. Still can't see the AVG Safe search toolbar in IE, etc. either. I'm ready to start the rootkit scan. I'll set a recovery point first.

I was looking at a folder that was created on 6/25/13 (when all my trouble started at bootup). It is a sub folder called TEMP under documents and settings and is 1.58 GB with 6291 files and 2254 folders. As I copy logs from my desktop into "my documents", I can find them in the sub folder of "my documents" looking in this TEMP folder.

I also found some of the same files from the TEMP/my documents folder and many others that are missing by looking under docs and settings/owner/owner's documents. It seems some of the files duplicated themselves and others have been moved. So confusing........

I could move the files that I need so they are all in one area, but I'm not sure where they belong and I don't want to duplicate because my computer doesn't have enough room. That is my dilemma (after making sure I don't have any more infections on my computer). The other issue seems to be that I can't make the AVG addon show up on IE. I can make new shortcuts as I need them, so don't really care about old history or old favorites on the toolbar.

My biggest question is how I even got this virus/worm/malware in the first place (so I don't have it happen again.).

Hopefully, I haven't confused you too much about what I'm saying here. I'm just trying to provide as much info. to you as I can. Thanks again for all your help.

The other issue seems to be that I can't make the AVG addon show up on IE. I can make new shortcuts as I need them, so don't really care about old history or old favorites on the toolbar.

Internet Explorer is the weakest browser in terms of security, as it is heavily targeted by malware writers. I strongly recommend switching to Google Chrome or Mozilla Firefox, as they are far more secure.

My biggest question is how I even got this virus/worm/malware in the first place (so I don't have it happen again.).

Could have been through a dodgy link or email. Accidentally accessed a nasty website. Hard to say.

Extras.txt is below - By the way, yesterday Windows automatically updated 13 files and Adobe Flashplayer also auto updated. I actually use Google Chrome as my default browser but sometimes use IE 8.0 because Secunia.com doesn't seem to load with Google Chrome.

I downloaded OTL.exe to my desktop but it wouldn't run from there as it thought it was a temporary folder. So I moved it to owner's documents and ran it from there. It worked. I'll send the other .txt on a separate post.

Oops, looks like this is the extras.txt and the last one was the OTL.txt. I mixed them up. Sorry. Wow, there is a lot of information here. I'm amazed at what you can figure out with all this stuff. I'm so glad you know what you are doing Dark Knight :-)

Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

Click the red Run Fix button.

A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

With this weird TEMP issue you have raised, please see this topic and see if it helps: